I have a cloudformation template that creates an EC2 launch template.
In the UserData section of the template I need to fetch a SSM secure parameter and expose it as an environment variable to initialise my VM. I am trying to use !Sub
but my output is not what I expect. Here's my sample code:
TestJenkinsMasterLaunchTemplate:
Type: 'AWS::EC2::LaunchTemplate'
UserData:
Fn::Base64: !Sub
- |
#!/bin/bash
echo ${azure_client_id}
- azure_client_id: '{{resolve:ssm-secure:/Jenkins/Production/AzureAdClientId:1}}'
The output in the /var/log/cloud-init-output.log
file is the template itself: {{resolve:ssm-secure:/Jenkins/Production/AzureAdClientId:1}}
.
How can I resolve the SSM parameter properly?
Use the AWS CLI :
azure_client_id=$(aws --region=us-east-1 ssm get-parameter --name "azure_client_id" --with-decryption --output text --query Parameter.Value
Make sure you: define the userdata as a bash shell script, install aws cli, and make sure the instance role has the correct policies.
Example user data script:
#!/bin/bash
apt-get install -y awscli
export AWS_ACCESS_KEY_ID=your_access_key_id_here
export AWS_SECRET_ACCESS_KEY=your_secret_access_key_here
azure_client_id=$(aws --region=us-east-1 ssm get-parameter --name "azure_client_id" --with-decryption --output text --query Parameter.Value
Use that user data script in your cloud formation template.
See https://docs.aws.amazon.com/cli/latest/reference/ssm/get-parameter.html
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.